CAS-005 Question #220: Real Exam Question with Answer & Explanation

Question

A hospital's requirements for remote third-party monitoring of the HVAC system include the following: - The vendor must be able to continuously monitor system health and respond accordingly. - The vendor must only have network access to the HVAC system. - The vendor must be the only entity with access to the HVAC system. Which of the following best meets the hospital's requirements?

Options

• ADeploying a RDP jump box to allow remote system monitoring
• BInstalling the vendor's monitoring appliance on the internal network and allowing outbound SSL
• CCreating a site-to-site VPN tunnel and allowing restricted access to the system
• DImplementing a reverse web proxy and allowing access from the internet

Explanation

To provide secure, dedicated, and limited remote monitoring of an HVAC system by a third-party vendor, establishing a site-to-site VPN tunnel with restricted access is the best solution.

Common mistakes.

• A. Deploying an RDP jump box offers remote access but typically provides interactive control over a server, which may be broader than 'only network access' and doesn't inherently restrict access to only the vendor.
• B. Installing a vendor's monitoring appliance on the internal network introduces an internal asset, potentially expanding the attack surface, and outbound SSL does not provide the same level of dedicated, restricted access as a VPN.
• D. Implementing a reverse web proxy typically exposes a web application to the internet, which is generally less secure and harder to precisely restrict to 'only the vendor' and 'only network access to the HVAC system' compared to a VPN tunnel.

Concept tested. Secure third-party remote access

Reference. https://learn.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-about-vpngateways

No community discussion yet for this question.